Surprise Adobe update grapples with critical flaws
Date: Wednesday, February 17, 2010 @ 11:54:58 UTC
Topic: Adobe


Adobe published an out-of-sequence update for its Reader and Acrobat software packages on Tuesday that tackles a brace of serious flaws.      The cross-platform Reader and Acrobat update fixes a vulnerability in the domain sandbox of the PDF technology that opens the door to  possible exploits, more specifically unauthorised cross-domain requests. In addition the update addresses a critical flaw that creates a mechanism for hackers to inject hostile code onto vulnerable systems

Adobe advises users to upgrade to Acrobat version 9.3.1 and Reader version 9.3.1, as explained in a bulletin here. Last week Adobe updated its Flash software in a way that meant users had to uninstall the previous version in order to remove the threat from their systems.

The importance of the Reader update is underscored by the release of a survey by web security firm ScanSafe which found malicious PDF documents made up 80 per cent of the web attacks it blocked in the last quarter of 2009.

Recently Adobe promised to move onto a quarterly patching schedule for Reader updates, at least, in order to make life easier for sys admins. The latest patches fall outside this sequence and without a detailed explanation of what had been fixed, leaving some in the security community puzzling over the update.

Andrew Storms, director of security operations at network security firm nCircle, commented: "As of now, there are no known zero day exploits in the wild for the patched Acrobat bug, but Adobe's effort to update this patch critical vulnerability outside their normal patch cycle will undoubtedly draw lots of attention from attackers."

"Last week Adobe released a security update to Flash and today they released an Acrobat update that references last week's Flash update. Adobe's lack of detailed security bulletins on the situation is leaving us all scratching our heads and wishing we had more informatio









This article comes from NB Productions Your guide on the Web since 2000
http://www.nb-productions.com

The URL for this story is:
http://www.nb-productions.com/modules.php?name=News&file=article&sid=584